Mobile app version of vmapp.org
Login or Join
Miguel251

: Managing accounts on a private website for a real-life community I'm looking at setting-up a walled-in (i.e. mostly private, with a small public-facing login page) website for a real-life community

@Miguel251

Posted in: #Authentication #CommunityManagement #Security #Users #WebsiteDesign

I'm looking at setting-up a walled-in (i.e. mostly private, with a small public-facing login page) website for a real-life community of people, and I was wondering if anyone has any experience with managing member accounts for this kind of thing.

Some conditions that must be met:


Each person is eligible for one account.
This community has a set list of real-life member who all mostly know each other, or at least know of each other.
We know each of their names and have a lot of other fragmented data like phone numbers, addresses, etc.
We don't expect or require that they all sign-up. It is purely opt-in, but we anticipate that many of them would be interested in the services we are setting up.
Some of the community members emails are known, but some of them have fallen off the grid over the years, so ideally there would be a way for them to get back in touch with us through the public-facing side of the site. (And we'd want to manually verify the identity of anyone who does so).
Their names are known, and for similar projects in the past we have assigned usernames derived from their real-life names. This time, however, we are open to other approaches, such as letting them specify their own username or getting rid of usernames entirely.


The specific web technology we will use (e.g. Drupal, Joomla, etc) is not really our concern right now -- I am more interested in how this can be approached in the abstract.

Our database already includes the full member roster, so we can email many of them generated links to a page where they can create an account. (And internally we can require that these accounts be paired with a known member). Should we have them specify their own usernames, or are we fine letting them use their registered email address to log-in? Are there any paradigms for walled-in community portals that help address security issues if, for example, one of their email accounts is compromised?

We don't anticipate attempted break-ins being much of a threat, because nothing about this community is high-profile, but we do want to address security concerns. In addition, we want to make the sign-up process as painless for the members as possible, especially given the fact that we can't just make sign-ups open to anyone.

I'm interested to hear your thoughts and suggestions! Thanks!

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Miguel251

2 Comments

Sorted by latest first Latest Oldest Best

 

@Harper822

Rather than go to the massive trouble of setting up your own site, unless you want to do anything too advanced you might want to save a few weeks of you life and just try out sites.google.com. It's so easy, way more than Joomla.

It's so easy to set up an entire website that looks processional and can be set to only be accessible for people who you, the creator, accept. You can email invites. I don't think that it would not cater to people who are not invited yet, though. Still, if you are a beginner, it'd do the job and google would do all the hard work as well as providing excellent security.

10% popularity Vote Up Vote Down


 

@Eichhorn148

I realise this is an old question, but I figured I would give my answer anyway because I think this is something that is going to come up for other people.

The best way to do this in my opinion is to use a trust network, you allow 15 or so people you personally know into the system and you give them the ability to invite 5 people. The core 15 will understand the need for the system to remain fairly selective so you shouldn't have any issues with the first batch.

The new people should then be given the ability to invite others after a period of say 2 months (or maybe 30 days of activity on the site, or something) by this stage they should also get the idea of the site and future invites should be safe enough.

If it is a fairly small network I would just allow people to contact you from the main site if they feel they should get in without the need for an invite and you can manually verify them.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme